For Consumer

Virus Profile: Generic Exploit!q2m

Threat Search
Print
   
Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 7/6/2012
Date Added: 7/6/2012
Origin: Unknown
Length: Varies
Type: Trojan
Subtype: Exploit
DAT Required: 6764
Removal Instructions
   
 
 
   

Description

    An initial threat vector may be hosted on a website in the form of an Applet. The Applet would contain code to exploit CVE-2012-1723.The intent of the exploit is to surreptitiously download and execute additional malware on the infected system. An indication of this may be the presence unusual traffic to unknown domains.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)

Aliases -

Avast   - Java:CVE-2012-1723-AM [Expl]
F-Prot   - Java/Blacole.F
GData   - Java:CVE-2012-1723-AM

Indication of Infection

The exploit may download arbitrary files.
This exploit attempts to download and execute additional malware to the infected system.

Methods of Infection

 This threat exploits an unpatched vulnerability in Sun Microsystems Java.
 This Trojan can be installed while browsing compromised websites.
   

Virus Characteristics

Generic Exploit!q2m is the detection for a malicious Java class files stored within a Java archive (.JAR) , which attempts to exploit a vulnerability in the Java Runtime Environment (JRE) which includes version 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier.

Upon successful exploitation the attacker tries to connect below URL in order to download other payload though remote port 80

Gin[Removed].ru/P4QJr9s7kcyK/uNnPHwE_G
Asia[Removed].com

   

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

   

PC Infected? Get Expert Help

McAfee
Virus Removal Service

Connect to one of our Security Experts by phone. Have your PC fixed remotely - while you watch!

$89.95